General
Target: 607e933de863079ad4951af3f23bcfd0_NeikiAnalytics.exe
Size: 120KB
Sample: 240523-ambzmsef52
MD5: 607e933de863079ad4951af3f23bcfd0
SHA1: 6f36e33c472f58cfb65f0385e13bb25c9ad32219
SHA256: 493a3d28030bc5b394d23d1b2b19bbeb0888f9c814b548e4285acb12c778bd0e
SHA512: 50265b1ff0d0647df4b77831d3e853025ee5bbd043f536749c489eba8f4686803e395acbd6d0fd765b57c849a41e0c0d5f11f08d29083e0948030a0f093b0a90
SSDEEP: 3072:/9RrsfT5yvRJ3IJh+frQUq3BxGmTiuK23:/9RrsfT5ypAh+Up3xiux3
Static task: static1
Behavioral task: behavioral1
Sample: 607e933de863079ad4951af3f23bcfd0_NeikiAnalytics.dll
Resource: win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
607e933de863079ad4951af3f23bcfd0_NeikiAnalytics.exe
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
Defense Evasion
  Modify Registry: 5
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 3
    Disable or Modify Tools: 3